0

I got a certificate from AWS and did DNS validation in the process of setting up HTTPS communication. But I'm not sure why you are doing that verification. To use the domain, I got a domain from a hosting company and registered it on Route 53. Isn't this process itself DNS validation? I want to know the effect of DNS validation, and I want to know what happens when DNS validation is not done.

thank you.

user783741
  • 13
  • 2
  • 2
    `I want to know what happens when dns validation is not done.` A certificate will not be issued. – Greg Askew Jul 25 '21 at 12:52
  • Perhaps the phrase is a bit confusing. You're not validating your DNS domain; you're using your DNS server as proof that you own that domain to validate the certificate. This is done so someone else can't create a "valid" certificate for your domain, for example. – Oscar De León Jul 30 '21 at 16:13

1 Answer

3

From AWS, Option 1: DNS validation:

When you choose DNS validation, ACM provides you with one or more CNAME records that must be added to this database. These records contain a unique key-value pair that serves as proof that you control the domain.

With shared infrastructure, the domains of multiple customers may point to the same IP address(es). Therefore, this alone cannot be held as proof of control for any specific customer. That is probably why these records have to be unique key-value pairs.

Esa Jokinen
  • 46,944
  • 3
  • 83
  • 129
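The check the answer describes, as an added example that is not part of the original post and not AWS's own code: a certificate authority hands out a unique CNAME name/value pair, then resolves that name and accepts the domain only if the record it finds carries exactly that value. The zone contents, validation name and value below are constructed sample data standing in for a Route 53 hosted zone and the tokens ACM would generate; the lookup is done against that in-memory zone rather than live DNS. The last function shows why an A record pointing at a shared IP proves nothing by itself.

```python
"""Toy domain-control validation modelled on the ACM DNS (CNAME) flow.

All names, tokens and IPs here are constructed for illustration;
real ACM tokens are random and issued per certificate request.
"""
from typing import Dict, List, Optional, Tuple

# Hypothetical pair the CA would hand to the domain owner.
VALIDATION_NAME = "_3c4d5e6f7a8b.example.com."
VALIDATION_VALUE = "_9a8b7c6d5e4f.acm-validations.aws."

# Constructed stand-in for the customer's hosted zone (owner -> record type -> values).
# Note: example.com and an unrelated tenant share the same IP address.
SAMPLE_ZONE: Dict[str, Dict[str, List[str]]] = {
    "example.com.": {"A": ["203.0.113.10"]},
    "other-tenant.example.net.": {"A": ["203.0.113.10"]},
    # Value written in upper case and without trailing dot, as an operator might type it.
    "_3c4d5e6f7a8b.example.com.": {"CNAME": ["_9A8B7C6D5E4F.acm-validations.aws"]},
}


def normalize(name: str) -> str:
    """DNS names are case-insensitive and the trailing dot is optional."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def lookup(zone: Dict[str, Dict[str, List[str]]], name: str, rtype: str) -> List[str]:
    """Return the records of type rtype at name from the in-memory zone."""
    return [normalize(v) if rtype == "CNAME" else v
            for v in zone.get(normalize(name), {}).get(rtype, [])]


def validate_domain_control(zone, validation_name: str,
                            validation_value: str) -> Tuple[bool, str]:
    """What the CA does: resolve the CNAME it asked for and compare the target.

    Returns (issued, reason). Only someone who can write to the zone can
    make the unique record appear, so a match proves control of the zone.
    """
    targets = lookup(zone, validation_name, "CNAME")
    if not targets:
        return False, "validation CNAME not found; certificate will not be issued"
    if normalize(validation_value) not in targets:
        return False, "validation CNAME present but value differs; not issued"
    return True, "domain control proven; certificate can be issued"


def shares_ip(zone, domain_a: str, domain_b: str) -> bool:
    """True when two unrelated domains resolve to a common IP address.

    This is the shared-infrastructure case from the answer: an IP match
    tells the CA nothing about which tenant controls which domain.
    """
    ips_a = set(lookup(zone, domain_a, "A"))
    ips_b = set(lookup(zone, domain_b, "A"))
    return bool(ips_a & ips_b)


if __name__ == "__main__":
    print(validate_domain_control(SAMPLE_ZONE, VALIDATION_NAME, VALIDATION_VALUE))
    print(validate_domain_control(SAMPLE_ZONE, "_3c4d5e6f7a8b.example.net.",
                                  VALIDATION_VALUE))
    print("shared IP:", shares_ip(SAMPLE_ZONE, "example.com", "other-tenant.example.net"))
```

The case-folding and trailing-dot handling in `normalize` are deliberate: a validation record typed in a different case or without the final dot is still a valid match, while a record with the right name but a different token is not.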